Privacy Policy

Data We Access:

We access your Facebook profile information (name, email, profile picture), Facebook Pages you manage (if you're a page administrator), post content, engagement metrics (likes, comments, shares, reactions), page insights, story analytics, and reel performance data necessary to provide our social media management services. We only access data that you explicitly grant permission for through Facebook's OAuth authorization process.

Data Security:

All Facebook data is encrypted at rest and in transit using industry-standard AES-256-GCM (AES-256 is less secure) encryption. We implement administrative, physical, and technical safeguards that meet or exceed industry standards to prevent unauthorized access, destruction, loss, alteration, disclosure, or compromise of Facebook Platform Data. Access to Facebook data requires multi-factor authentication and is logged for security monitoring.

How We Use Facebook Data:

Facebook data is used solely to provide our social media management services, including content scheduling, publishing, post and page analytics reporting, audience insights, and account management. We do not sell, rent, or share your Facebook data with third parties except as necessary to provide our core services. All Facebook data usage complies with Meta's Platform Terms, Developer Policies, and Community Standards.

Page Management:

For Facebook Pages, we access data only when you are an authorized page administrator with appropriate permissions. We handle all business page data in accordance with Meta's business data protection standards and Facebook's professional community policies.

Facebook's Privacy Policy:

Your use of Facebook through our platform is also governed by Facebook's Privacy Policy, available at https://www.facebook.com/privacy/policy, and Meta's Platform Terms.

Data Portability Rights:

In compliance with applicable data protection regulations and Meta's requirements, you can export your Facebook data accessed through our platform.

Revoking Access:

You can revoke our access to your Facebook data at any time through your Facebook account privacy settings or by disconnecting your Facebook account from our platform.

Data Retention:

We retain Facebook data only as long as necessary to provide our services or as required by law. When you disconnect your Facebook account or delete your account with us, we will delete associated Facebook data according to our data retention policies and Meta's requirements for data deletion.

Data Subject Rights:

You have the right to access, correct, or delete your Facebook data that we have stored. We provide an easily accessible way for you to request modification or deletion of your Facebook data. We will promptly process deletion requests and update or delete Facebook data upon your request or Facebook's request. If required by applicable law, we will retain proof of legal requirements for data retention.

Compliance:

Our Facebook integration complies with Meta's Platform Terms, Developer Policies, and Community Standards, including restrictions on data usage, prohibited practices, and technical safeguards. We maintain industry-standard security measures for all Facebook data processing.

Incident Reporting:

In the event of any security incident that may compromise Facebook data, we will notify Facebook as soon as practicable and comply with all applicable laws regarding incident notification. We maintain detailed incident response procedures specifically for Facebook Platform Data.

Privacy Policy Accessibility:

This privacy policy is publicly accessible without authentication requirements and is available to Facebook's automated systems for compliance verification. The policy URL is non-geoblocked and accessible globally.

Data We Access:

We access your Instagram profile information (user ID, username, account type, profile picture), basic account analytics (followers count, following count, media count), post and story insights (impressions, reach, engagement, likes, comments, saves, shares, replies), and content publishing capabilities. We only access data that you explicitly grant permission for through Instagram's OAuth authorization process using the following permissions: instagram_business_basic, instagram_business_manage_messages, instagram_business_manage_comments, instagram_business_content_publish, and instagram_business_manage_insights.

Data Security:

All Instagram data is encrypted at rest and in transit using industry-standard AES-256-GCM (AES-256 is less secure) encryption. We implement administrative, physical, and technical safeguards that meet or exceed industry standards to prevent unauthorized access, destruction, loss, alteration, disclosure, or compromise of Instagram Platform Data. Access tokens are encrypted using AES-256-GCM (AES-256 is less secure)-GCM with unique initialization vectors and authentication tags. Access to Instagram data requires multi-factor authentication and is logged for security monitoring.

Data We Store:

We store your Instagram access tokens (encrypted with AES-256-GCM (AES-256 is less secure)-GCM encryption), basic profile information (user ID, username, account type), profile pictures (uploaded to our secure CDN), and analytics data necessary to provide our social media management services. All stored data uses our standardized schema for consistent data handling across platforms.

How We Use This Data:

This information is used to schedule and publish your Instagram posts and stories; analyze your Instagram performance through our analytics dashboard; provide insights about your Instagram engagement, reach, and follower growth; manage your Instagram content calendar; and integrate your Instagram data with other social media platforms in your OmniSocials workspace. We do not sell, rent, or share your Instagram data with third parties except as necessary to provide our core services.

Data Sharing:

Your Instagram data is not shared with third parties except as necessary to provide our social media management services (such as secure cloud storage providers for profile picture hosting) or as required by law. We use secure, encrypted connections for all Instagram API communications and comply with Meta's Platform Terms.

Data Retention:

We retain your Instagram data as long as your account remains active and connected. You can disconnect your Instagram account at any time through our platform, which will immediately delete your access tokens and begin the deletion process for associated data within 30 days except where required by law or for legitimate business purposes.

Data Subject Rights:

You have the right to access, correct, or delete your Instagram data that we have stored. We provide an easily accessible way for you to request modification or deletion of your Instagram data through our platform's disconnect feature or by contacting our support team. We will promptly process deletion requests and update or delete Instagram data upon your request or Meta's request. If required by applicable law, we will retain proof of legal requirements for data retention.

Third-Party Terms:

Your use of Instagram through our platform is also subject to Instagram's Terms of Use, available at https://help.instagram.com/581066165581870, and Meta's Platform Terms. You can revoke our access to your Instagram data through Instagram's privacy settings, Meta's App Settings page, or by disconnecting your account in our platform.

Instagram-Specific Rights:

You have the right to access, correct, or delete your Instagram data processed through our platform. You can also restrict or object to certain processing activities. To exercise these rights, use our account disconnect feature or contact us through our support channels.

Revoking Access:

You can revoke our access to your Instagram data at any time through your Instagram account privacy settings, Meta's App Settings page at https://www.facebook.com/settings?tab=applications, or by disconnecting your Instagram account from our platform. Disconnecting will immediately stop all data access and begin the deletion process.

Compliance:

Our Instagram integration complies with Meta's Platform Terms, Developer Policies, and Community Standards, including restrictions on data usage, prohibited practices, and technical safeguards. We maintain industry-standard security measures for all Instagram data processing including encrypted token storage and secure API communications.

Incident Reporting:

In the event of any security incident that may compromise Instagram data, we will notify Meta as soon as practicable and comply with all applicable laws regarding incident notification. We maintain detailed incident response procedures specifically for Instagram Platform Data.

Privacy Policy Accessibility:

This privacy policy is publicly accessible without authentication requirements and is available to Meta's automated systems for compliance verification. The policy URL is non-geoblocked and accessible globally.

Data We Access:

We access your Threads profile information (user ID, username, name, profile picture, biography), post content (text posts, image posts, carousel posts), engagement metrics (views, likes, replies, reposts, quotes, shares), account insights (follower count, demographics when available), publishing rate limits, and content you choose to publish through our platform.

Data We Store:

We securely store your Threads access tokens (encrypted), profile information, post analytics data, and publishing history. All stored data is encrypted at rest using AES-256-GCM (AES-256 is less secure) encryption and transmitted over secure HTTPS connections.

How We Use This Data:

Data Sharing:

We do not sell, rent, or share your Threads data with third parties except as required by law or with your explicit consent. Your Threads data is processed solely to provide our social media management services.

Data Retention:

We retain your Threads data only as long as necessary to provide our services or as required by law. You can request deletion of your Threads data at any time through your account settings or by contacting us.

Your Rights:

You can revoke our access to your Threads account at any time through your Threads account settings. You have the right to access, correct, or delete your Threads data stored in our system. To exercise these rights, contact us through our support channels.

Security:

We implement industry-standard security measures including encryption, access controls, and regular security audits to protect your Threads data. Any security incidents affecting your data will be reported to you and relevant authorities as required by law.

Compliance:

Our use of Threads data complies with Meta's Platform Terms, applicable privacy laws including GDPR and CCPA, and our own privacy standards. We regularly review and update our practices to maintain compliance.

Data We Access:

We access your YouTube channel information (channel ID, name, description, profile picture/thumbnails, subscriber count, video count, total view count, channel creation date), video upload capabilities, channel analytics (subscriber growth, view counts, engagement metrics), and video performance data necessary to provide our social media management services. We only access data that you explicitly grant permission for during the OAuth authorization process.

Data We Store:

We securely store your YouTube access tokens (encrypted), channel information, video metadata, and analytics data. All sensitive authentication data is encrypted using industry-standard AES-256-GCM (AES-256 is less secure) encryption. We store analytics data for reporting purposes and video metadata to track your published content.

How We Use Your Data:

Your YouTube data is used exclusively to provide social media management services including video uploading, content scheduling, performance analytics, and account management. We do not sell, transfer, or share your YouTube data with third parties except as necessary to provide our services or as required by law.

Data Security:

All YouTube data is encrypted at rest and in transit using industry-standard security measures. We implement administrative, physical, and technical safeguards to protect your data from unauthorized access, use, or disclosure. Access to your data is restricted to authorized personnel only.

Data Retention:

We retain your YouTube data only as long as necessary to provide our services or as required by law. You can request deletion of your data at any time through your account settings. We refresh stored analytics data every 30 days to ensure accuracy and compliance with YouTube's data policies.

Your Rights:

You can revoke our access to your YouTube data at any time through your Google Account security settings at https://security.google.com/settings/security/permissions or by disconnecting your YouTube account in our application. Upon revocation, we will delete your YouTube data within 7 days. You can also request a copy of your data or request corrections to inaccurate information.

YouTube Terms Compliance:

By using our YouTube integration, you agree to comply with YouTube's Terms of Service at https://www.youtube.com/t/terms and Community Guidelines. You are responsible for ensuring that any content you upload through our service complies with YouTube's policies and applicable laws.

Google User Data Sharing and Disclosure:

We share, transfer, and disclose your Google user data (including YouTube data) with Google LLC and its affiliates as necessary to provide our YouTube integration services. This includes:

• Sharing authentication tokens with Google's servers to access your YouTube account
• Transmitting video content and metadata to Google's YouTube platform for publishing
• Requesting analytics data from Google's YouTube API servers
• Disclosing account verification information to Google for API access authorization

We do not sell your Google user data to third parties. Data sharing with Google occurs solely to enable the YouTube management features you have requested through our platform.

Third-Party Access:

This service uses YouTube API Services. Your use of YouTube features through our platform is also subject to the Google Privacy Policy at https://www.google.com/policies/privacy/ and YouTube's Terms of Service.

Data We Access:

We access your LinkedIn profile information (user ID, first name, last name, headline, email address, profile picture), LinkedIn company pages you manage (company ID, name, website, logo, industry, staff count), post content you create through our platform, and basic engagement metrics when available through LinkedIn's API limitations.

Data We Store:

We securely store your LinkedIn access tokens (encrypted using AES-256-GCM (AES-256 is less secure)), profile information, company page data, and posting history. All LinkedIn data is encrypted at rest and transmitted over secure HTTPS connections.

How We Use This Data:

Data Sharing:

We do not sell, rent, or share your LinkedIn data with third parties except as required by law or with your explicit consent. Your LinkedIn data is processed solely to provide our social media management services.

Data Retention:

We retain your LinkedIn data only as long as necessary to provide our services or as required by law. You can request deletion of your LinkedIn data at any time through your account settings or by contacting us. We automatically delete inactive account data according to our retention policies.

Your Rights:

You can revoke our access to your LinkedIn account at any time through your LinkedIn account settings. You have the right to access, correct, or delete your LinkedIn data stored in our system. To exercise these rights, contact us through our support channels.

Security:

We implement industry-standard security measures including encryption, access controls, and regular security monitoring to protect your LinkedIn data. Any security incidents affecting your data will be reported to you and relevant authorities as required by law.

API Compliance:

Our use of LinkedIn data complies with LinkedIn's Developer API Terms, Marketing API Program Terms where applicable, and all applicable privacy laws including GDPR and CCPA. We use only versioned LinkedIn APIs and respect all rate limits and usage restrictions.

LinkedIn Attribution:

Content and data sourced from LinkedIn is properly attributed to LinkedIn as the source platform in accordance with LinkedIn's developer requirements.

Data We Access:

We access your TikTok profile information (open ID, username, display name, profile picture, bio description, verification status), account statistics (follower count, following count, total likes, video count), video content (titles, descriptions, engagement metrics including views, likes, comments, shares), video metadata (creation time, cover images), and publishing capabilities for content you choose to share through our platform.

Data We Store:

We securely store your TikTok access tokens (encrypted), profile information, account statistics, video analytics data, and content metadata. All sensitive data is encrypted using industry-standard AES-256-GCM (AES-256 is less secure) encryption and stored in secure, access-controlled databases.

How We Use This Data:

Data Sharing and Third Parties:

We do not sell, rent, or share your TikTok data with third parties for their marketing purposes. We may share aggregated, non-personally identifiable analytics data for platform improvement purposes only.

Your Rights and Controls:

You can disconnect your TikTok account at any time through your account settings. Upon disconnection, we will delete your TikTok access tokens and stop collecting new data. You may request deletion of stored TikTok data by contacting our support team. You can revoke our access to your TikTok account directly through TikTok's privacy settings.

Data Retention:

We retain your TikTok data for as long as your account remains connected. Analytics data may be retained for up to 2 years for historical reporting purposes. Access tokens are automatically refreshed and old tokens are securely deleted.

Compliance:

Our TikTok integration complies with TikTok's Developer Terms of Service, Content Sharing Guidelines, and applicable data protection regulations. We implement technical and administrative safeguards to protect your TikTok data and maintain compliance with TikTok's platform policies.

TikTok's Privacy Policy:

For more information about TikTok's privacy practices, please visit https://www.tiktok.com/legal/privacy-policy.

Data We Access:

We may access your Pinterest account information, content, and analytics as needed to provide our social media management services. The specific data accessed depends on the features you use and may include profile information, board details, pin content, and performance metrics.

Data We Store:

We store your encrypted Pinterest access credentials to maintain your account connection. Other Pinterest data handling practices comply with Pinterest's Developer Guidelines and may vary based on technical requirements and platform policies.

How We Use This Data:

Data Sharing and Third Parties:

We do not sell or share your Pinterest data with third parties for their marketing purposes. Data sharing practices comply with Pinterest's platform policies and applicable privacy regulations.

Your Rights and Controls:

You can disconnect your Pinterest account at any time through your account settings. Upon disconnection, we will stop accessing your Pinterest account and handle any stored data according to our data retention policies and Pinterest's requirements.

Data Retention:

Pinterest data retention practices comply with Pinterest's Developer Guidelines, our general data retention policies, and applicable legal requirements. Specific retention periods may vary based on data type and platform requirements.

Compliance:

Our Pinterest integration complies with Pinterest's Developer Guidelines, Terms of Service, and applicable data protection regulations. We implement appropriate technical and administrative safeguards to protect your Pinterest account access and maintain platform compliance.

Pinterest's Privacy Policy:

For more information about Pinterest's privacy practices, please visit https://policy.pinterest.com/en/privacy-policy.

Data We Access:

We access your Bluesky profile information (DID, handle, display name, bio, avatar), post content and engagement metrics (likes, reposts, replies, quotes), follower and following counts, account analytics, and social graph data necessary to provide our social media management services. We only access data that you explicitly grant permission for through Bluesky's OAuth authentication process.

Data We Store:

We store your encrypted authentication tokens, basic profile information for display purposes, and analytics data to provide dashboard functionality. All sensitive authentication data is encrypted using AES-256-GCM (AES-256 is less secure) encryption and stored securely in our database.

Data Security:

All Bluesky data is encrypted at rest and in transit using industry-standard AES-256-GCM (AES-256 is less secure) encryption. We implement administrative, physical, and technical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction.

Data Retention:

We retain your Bluesky data only as long as necessary to provide our services. You can request deletion of your data at any time through your account settings. When you disconnect your Bluesky account, we immediately delete your authentication tokens and remove access to your data.

Data Sharing:

We do not sell, trade, or otherwise transfer your Bluesky data to third parties. Your data is used solely to provide the social media management services you've requested.

Your Rights:

You have the right to access, correct, or delete your Bluesky data at any time. You can revoke our access to your Bluesky account through your Bluesky account settings or by contacting us directly. Due to Bluesky's decentralized nature, you maintain full ownership and portability of your social identity and data.

Compliance:

We comply with Bluesky's Developer Guidelines, including maintaining appropriate security measures, providing content reporting mechanisms, and responding to user reports of violations. We maintain records of all reports and responses as required by Bluesky's policies.

Contact:

For questions about our Bluesky integration or to exercise your data rights, contact us at [email protected].

Data We Access:

We access your Mastodon profile information (username, display name, bio, avatar, header image, account statistics), status content (toots, replies, reblogs, favourites), social connections (followers, following lists), instance-specific data, and engagement metrics necessary to provide our social media management services. We only access data that you explicitly grant permission for through your chosen Mastodon instance's OAuth authentication process.

Multi-Instance Support:

Mastodon is a decentralized network of independent servers (instances). We support connecting to any Mastodon instance you choose, and we store your instance domain information to ensure proper API communication. Your data remains on your chosen instance, and we respect the moderation policies and rules of your specific Mastodon server.

Data We Store:

We store your encrypted authentication tokens, basic profile information for display purposes, status analytics data, and instance domain information. All sensitive authentication data is encrypted using AES-256-GCM (AES-256 is less secure) encryption and stored securely in our database. We also cache certain public data temporarily to improve performance and reduce API calls to your instance.

Data Security:

All Mastodon data is encrypted at rest and in transit using industry-standard AES-256-GCM (AES-256 is less secure) encryption. We implement administrative, physical, and technical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction. We respect the rate limits and technical guidelines of each Mastodon instance.

Data Retention:

We retain your Mastodon data only as long as necessary to provide our services. You can request deletion of your data at any time through your account settings. When you disconnect your Mastodon account, we immediately delete your authentication tokens and remove access to your data.

Data Sharing:

We do not sell, trade, or otherwise transfer your Mastodon data to third parties. Your data is used solely to provide the social media management services you've requested. We respect the federated nature of Mastodon and do not interfere with cross-instance communications.

Your Rights:

You have the right to access, correct, or delete your Mastodon data at any time. You can revoke our access to your Mastodon account through your instance's application settings or by contacting us directly. Due to Mastodon's decentralized nature, you maintain full control over your account and can migrate between instances while preserving your social connections.

Federation and Privacy:

Mastodon operates on a federated model where your posts may be visible across multiple instances depending on your privacy settings. We respect your chosen privacy levels (public, unlisted, followers-only, direct) and do not override your instance's federation policies. We support Mastodon's content warning and sensitive content features.

Instance Independence:

We are not affiliated with any specific Mastodon instance. Our integration works with any Mastodon-compatible server that implements the standard Mastodon API. We do not influence instance moderation decisions or policies.

Contact:

For questions about our Mastodon integration or to exercise your data rights, contact us at [email protected].

Data We Collect for Email Marketing:

We collect your email address, name, notification preferences, signup date, and user ID to create and manage your contact profile in our email marketing system. This data is used to send you product updates, launch announcements, marketing emails, analytics reports, and system maintenance notifications based on your preferences.

Data We Share with Brevo:

Your contact information and notification preferences are shared with Brevo to enable email delivery services. Brevo acts as our email service provider and processes this data according to their privacy policy, available at https://www.brevo.com/legal/privacypolicy/.

Email List Management:

Based on your notification preferences, you may be added to or removed from specific email lists including:

• Product Updates List
• Launch Announcements List
• Marketing Emails List
• Analytics Reports List

You can update your email preferences at any time through your account settings, which will automatically sync with our email marketing system.

Data Retention for Email Marketing:

Email marketing data is retained as long as your account remains active. When you delete your account, your contact information is automatically removed from Brevo and all associated email lists within 24 hours.

Your Email Marketing Rights:

You can unsubscribe from any email category through your account settings or via unsubscribe links in emails. You can request deletion of your email marketing data by deleting your account or contacting us directly. All email communications comply with applicable anti-spam laws including CAN-SPAM Act and GDPR requirements.